Bunni, a decentralized exchange built on Uniswap v4, has paused all smart contract functions after a security breach that drained an estimated $8.4 million in crypto.
Blockchain security firm CertiK said the exploit targeted BunniHub, the protocol’s main contract system, and resulted in $2.3 million in losses on Ethereum. An earlier attack on Uniswap Labs’ layer-2 network Unichain pushed total losses to around $8.4 million. CertiK traced the stolen funds to two Ethereum wallets.
Bunni’s developers have suspended all contract operations across supported networks while they investigate. In a social post they wrote: “As a precaution, we have paused all smart contract functions on all networks. Our team is actively investigating and will provide updates soon.”
The exchange runs on Uniswap v4’s hooks feature — a plugin system that lets projects customize how pools, swaps, fees and liquidity positions interact. While hooks enable new features, they also increase the attack surface when implementations are novel or complex.
Why this matters: the incident highlights persistent security risks in cutting-edge DeFi. Pausing contracts can limit further damage, but users and integrators should monitor the two traced wallets and avoid interacting with paused or unfamiliar contracts until audits and investigations conclude. Projects building on new protocol layers should factor increased operational and smart contract risk into their security planning. This is not investment advice.
Source: CoinDesk.